CVE-2024-11356

Published Jan 6, 2025

Last updated 2 months ago

CVSS medium 6.1

Overview

Description
The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.
Source
contact@wpscan.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.1
Impact score
2.7
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending

  1. CVE-2024-11356 Cross-Site Scripting Vulnerability in Tourmaster WordPress Plugin Pre-5.3.4 The tourmaster WordPress plugin prior to version 5.3.4 fails to sanitize and escape certain parameters when displaying th... https://t.co/VELTLhQcLW

    @VulmonFeeds

    6 Jan 2025

    56 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

References